
The General Data Protection Regulation (“GDPR”) is a new legal framework that comes into effect on May 25, 2018. The GDPR’s focus is the protection of personal data (i.e. data about individuals) and affects, among others, companies that process the personal data of individuals who are based in the EU. This includes suppliers and other third parties a company might utilize to process personal data. As a security-as-a-service provider, data privacy and security are at the core of our business and we are committed to protecting our customers’ personal data. We currently comply with applicable data protection regulations and are committed to GDPR compliance across our applicable products and services. Our internal cross-functional team has been working diligently to ensure our GDPR readiness.

The GDPR allocates responsibility between the data controller and the data processor with respect to the processing of personal data. Typically, Cyren will act as Processor when processing data on behalf of the Controller (i.e. enterprise customer, partner, OEM). Cyren will act as Controller when processing data on behalf of its employees and data subjects that have provided their information directly to Cyren (i.e. by registering for a seminar, white paper, etc.). Under the GDPR, both the data controller and data processor have duties and obligations to protect personal data and both face liability for failures to comply with the GDPR requirements.

Where Can I Learn More About The GDPR?


Additional information about the GDPR is available on Cyren's website and the official GDPR website of the EU.

Cyren's Commitment To Data Protection


Cyren is committed to meeting our customers’ privacy requirements, including compliance with the GDPR. See

Complying With Data Subject Rights (DSR)


In accordance with the privacy policy, data subjects that want to review, modify or delete their data should submit a request to 

Upon receipt, Cyren Legal/DPO should verify with the requester whether we hold their information directly or via a third party (i.e. enterprise customer, partner, OEM, etc.).

  1. If Cyren has collected the data directly (i.e. a data subject entering their data directly on our website, registering for a seminar, white paper, signing up for promotions at a conference, etc.), the Cyren Data Subject Rights Request Form should be sent to the data subject for completion.
  2. If Cyren has collected the data indirectly (i.e. via an enterprise customer, partner or OEM), the data subject should be told to submit their request to the applicable entity, and that entity will forward the request to us if applicable.
  3. If the requester is the entity with whom we have a direct relationship (i.e. enterprise customer, partner, OEM), the Cyren Data Subject Rights Request Form should be sent to that entity for completion.

Upon verification of the information in the form (note that additional information should be requested on a case-by-case basis to confirm the validity of the request), we should modify/delete the data as requested. Note also that data that we legitimately need to provide the services or for legal/accounting/tax purposes may be retained in certain circumstances. Additional questions or issues can be directed to

Data Privacy And Compliance


As a security-as-a-service provider, data privacy and security are at the core of Cyren’s business and we are committed to protecting our customers’ personal data.

The Cyren Cloud Security platform provides different functionalities to ensure the protection of users’ privacy.

Regional Data Processing

Customer accounts can be affiliated with, and stored in, either a US or an EU region.

The selection of the account region determines the location of the customer's data processing. Data processing for EU customers is limited to Cyren’s data centers located in the European Union.

The URL to access the admin console changes according to the regional account affiliation.

This ensures that data will be processed from the servers located in the relevant region and that data will not be transferred outside of that region.

Regional data processing can be enforced in both the web and email security services.

For the Email Security service, all email traffic is processed in Cyren's data centers in Germany when dual-engine is not enabled.

For the Web Security service, by default, the EU customer’s web traffic is routed only to the EU data centers. However, this can be changed via configuration from the Admin console.

Email Archiving: Data Guardian and Case Management Protection

The Cyren Email Archiving solution allows you to define user policy and access permissions. The Data Guardian role has no search rights but receives audit trail information for privileged users, accesses and actions.

You can’t use the Email Archiving system until you define the Data Guardian. For more information, see Data Guardian.

Case Management limits the data that someone can search for, so this functionality is useful when someone such as an external auditor needs to conduct a search in data related to a specific matter. For more information, see Case Folders.

Privacy Guardian

For privacy and confidentiality reasons, you have the option of protecting real user names that are shown in the reports. This is applicable to all Email and Web Security reports, logs and also entries in the Incidents page.

When the Privacy Guardian option is enabled, the reports display pseudonyms instead of real user names.

To see real user names, you need to have the Privacy Guardian permissions. For more information, see Displaying Real User Names in the Reports.

Auditing and Compliance

The Cyren Cloud Security platform exposes an Audit log for any changes made by admins in the admin console.

An audit log is beneficial for auditing and compliance, for troubleshooting and for risk management.

The audit log identifies who performed which operation and when the operation was initiated. This information can then be used to highlight where training and/or disciplinary actions are needed.
The audit log may identify unusual or unauthorized security events through the review of log data.

Audit logs can play an important part in a business’ overall risk management strategy, demonstrating to regulators that an organization has made a thorough effort to protect against cyber threats. For more information, see Audit Log.

Online Consent for Remote Assistance Support

Remote Assistance Support ensures that your consent is required in order to give the Cyren support engineers access to your account for support and troubleshooting purposes.

By providing your consent, you provide the selected Cyren support engineer limited access to your account. For more information, see Remote Assistance Support.
